Categories

Jabber/XMPP Privacy Policy

The Hot-Chilli team is committed to the privacy and security of your data on our servers. This includes all Internet services provided by us, including this website and the XMPP/Jabber services.

General privacy statement

Generally we do not and do not want to gather or store information about you, log your conversations, or engage in any other behavior that would compromise your privacy and security in any way. However, certain services provided by us, especially the XMPP/Jabber services, need to store information so that the services can by used by you, e.g. we need to store passwords so that you can logon to our services. We do not automatically gather any personal information like your name or address about you. The only exceptions are information that you may voluntarily submit. We do not give or sell data to a third party.
Please note that if we are forced by law to cooperate with law enforcement agencies we will (have to). This might also include surrender data.

XMPP/Jabber

The following information is stored when using our XMPP/Jabber services:

  • Jabber ID (= JID, username and domain, e.g. user@jabber.hot-chilli.net)
  • Jabber and Transport passwords
    (Jabber passwords are stored as hashed SCRAM-SHA-1 and in plain text for all Jabber transport services. We do not like saving the transport passwords in plain text as well as you most likely won’t like it, but it simply has technical reasons. We take your privacy seriously, so we never will use this information in any form. Anyway, it is a good security practice to always use a unique password for each service or website that you access, and we strongly encourage you to use an unique password for all of our services as well.)
  • Roster (= contact list)
  • Offline messages
    (Private messages are instant messages that you send to other XMPP/Jabber users on our or other servers. If your messages are sent through other services then it is possible that those services can log your messages, and we do not have control over those services. However, your messages are never intentionally logged here on our server. If you are not online when someone sends you a message, the message is stored on our server for delivery when you log in again. This so called offline message storage is not encrypted and messages are kept for 93 days. After delivery, the offline messages are deleted automatically and also before the expiry of the specified retention period on our server.)
  • Message Archives
    (Message Archive Management, also know as MAM, is disabled by default on our server. If you enable it, your messages are stored on our server. The message storage is not encrypted and messages are kept for 31 days and then deleted automatically.)
  • Timestamp of last logon/logoff action
  • Any data which the XMPP/Jabber client saves on the server, e.g. vCards
  • Data saved by Transport/Gateway services (e.g. ICQ, AIM…)
    (Username, password and contact list on/from the specific transport/gateway, also last login timestamp)
  • Chat rooms
    (If logging was activated by the users themselves. We ourselves did not activate logging for any chat rooms, except our support room. The chat room message storage is not encrypted and messages are kept for 31 days and then deleted automatically.)
  • HTTP Upload
    (Using HTTP Upload you can upload files onto our server. The maximum size per file is 512MB, 1GB overall. These files are stored for 31 days and will automatically deleted after this time period.)
  • Email address
    (If you decide to add an email address to your XMPP/Jabber account for account/password recovery – which is completely optional and not needed at all to create an account on our server.)

The following information is not stored when using our XMPP/Jabber services:

  • IP addresses
    (Our XMPP/Jabber services do not log information about your IP address. As the only exception we log IP addresses from failed login attempts. Also we reserve the right to block specific IP addresses as well as whole IP address ranges that threatened or may thread our services and to keep a list of such offending IP addresses. This list of blacklisted IPs will not be made public.)
  • Web

    • Our web server providing this web site logs visitors including IP addresses. This is the standard behavior of most web servers worldwide.
    • Our web forms for registering and deleting an XMPP/Jabber account and also for adding an email address or changing the password to this account run through our web server. So IP addresses are logged when performing these tasks.
    • If you use our contact form the data you enter there (name, email address, message text) will be stored and sent to us.
    • We also use Piwik for web statistics. You can opt out of Piwik logging if you uncheck the box:

    Account deletion

    An automatic deletion of unused XMPP and Spectrum 2 Transport accounts is active and executed once a day. Deletion takes place if:

    • A XMPP account using one of our public domains was not used (no login occured) for more than a year. The corresponding Spectrum 2 Transport accounts are deleted as well.
    • A new registered XMPP account using one of our public domains was not used (a login never occured) for more than 31 days.
    • A Spectrum 2 Transport account created with an external XMPP account was not used (no login occured) for more than a year.

    Backup

    In order to prevent service interruptions, we back up data related to our services. These backups include system backups, configuration files and databases.

5 replies on “Jabber/XMPP Privacy Policy”

ladymer says:

i need help what is the step after i have a JID account and finish for transport pre-registration or how can i open my account?

Roi says:

What do you mean? You just use it with the web client or a client on your computer, phone or tablet of your choice. Like Pidgin or IM+.

Certificate needer says:

Where do I get the certificate?

Roi says:

You want to check the certificate presented by our Jabber server with some public certificate or fingerprint downloadable on this website, for example? If yes, it isn’t on our website, yet. But I can put it there if you like.

Certificate needer says:

Yes ;)

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)